Bug#174987: current xdvi-pl depends on perl-5.8
From: TSUCHIYA Masatoshi <tsuchiya@pine.kuee.kyoto-u.ac.jp>
Subject: Bug#174987: current xdvi-pl depends on perl-5.8
Date: Sat, 01 Feb 2003 18:16:13 +0900
> Because the current xdvi-pl depends on perl-5.8, it is impossible to
> install tetex-bin to woody or sarge, even if it is recompiled. So, I
> propose the attached patch, which makes xdvi-pl independent from
> perl-5.8.
>
> I think that the misusage of tempfile() enables the attack described
> in the bug report #174987. When tempfile() is called with a template
> but without DIR option, it creates a temporary file on the current
> working directory without checking whether the directory is safe or
> not. Therefore, when this misusage is removed, xdvi-pl is still safe
> and do not depend on perl-5.8.
I believe that it is much better that tetex-bin doesn't
depend on a particular version of Perl.
Chung-chieh or Julian, how do you think on this patch?
I'm just preparing teTeX 2.0 so this is a good chance
to use this patch if it is safe enough.
Best regards, 2003-2-4(Tue)
--
Debian Developer & Debian JP Developer - much more I18N of Debian
Atsuhito Kohda <kohda@debian.org>
Department of Math., Tokushima Univ.
Reply to: